Главная Обзор Помощь
Вход
sintez
/
py_task
2
0
Ответвить 0
Файлы Задачи 0 Запросы на слияние 0 Вики
Дерево: 609422c2ac
Ветки Метки
py_task
/
venv
/
lib
/
python3.9
/
site-packages
/
bandit
/
plugins
/
general_hardcoded_tmp.py

general_hardcoded_tmp.py 2.2 KB
История Исходник

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980 
  1. #
    2. 

  2. # Copyright 2014 Hewlett-Packard Development Company, L.P.
    3. 

  3. #
    4. 

  4. # SPDX-License-Identifier: Apache-2.0
    5. 

  5. r"""
    6. 

  6. ===================================================
    7. 

  7. B108: Test for insecure usage of tmp file/directory
    8. 

  8. ===================================================
    9. 

  9. 

  10. Safely creating a temporary file or directory means following a number of rules
    11. 

  11. (see the references for more details). This plugin test looks for strings
    12. 

  12. starting with (configurable) commonly used temporary paths, for example:
    13. 

  13. 

  14.  - /tmp
    15. 

  15.  - /var/tmp
    16. 

  16.  - /dev/shm
    17. 

  17.  - etc
    18. 

  18. 

  19. **Config Options:**
    20. 

  20. 

  21. This test plugin takes a similarly named config block,
    22. 

  22. `hardcoded_tmp_directory`. The config block provides a Python list, `tmp_dirs`,
    23. 

  23. that lists string fragments indicating possible temporary file paths. Any
    24. 

  24. string starting with one of these fragments will report a MEDIUM confidence
    25. 

  25. issue.
    26. 

  26. 

  27. .. code-block:: yaml
    28. 

  28. 

  29.     hardcoded_tmp_directory:
    30. 

  30.         tmp_dirs: ['/tmp', '/var/tmp', '/dev/shm']
    31. 

  31. 

  32. 

  33. :Example:
    34. 

  34. 

  35. .. code-block: none
    36. 

  36. 

  37.     >> Issue: Probable insecure usage of temp file/directory.
    38. 

  38.        Severity: Medium   Confidence: Medium
    39. 

  39.        CWE: CWE-377 (https://cwe.mitre.org/data/definitions/377.html)
    40. 

  40.        Location: ./examples/hardcoded-tmp.py:1
    41. 

  41.     1 f = open('/tmp/abc', 'w')
    42. 

  42.     2 f.write('def')
    43. 

  43. 

  44. .. seealso::
    45. 

  45. 

  46.  - https://security.openstack.org/guidelines/dg_using-temporary-files-securely.html
    47. 

  47.  - https://cwe.mitre.org/data/definitions/377.html
    48. 

  48. 

  49. .. versionadded:: 0.9.0
    50. 

  50. 

  51. .. versionchanged:: 1.7.3
    52. 

  52.     CWE information added
    53. 

  53. 

  54. """  # noqa: E501
    55. 

  55. import bandit
    56. 

  56. from bandit.core import issue
    57. 

  57. from bandit.core import test_properties as test
    58. 

  58. 

  59. 

  60. def gen_config(name):
    61. 

  61.     if name == "hardcoded_tmp_directory":
    62. 

  62.         return {"tmp_dirs": ["/tmp", "/var/tmp", "/dev/shm"]}
    63. 

  63. 

  64. 

  65. @test.takes_config
    66. 

  66. @test.checks("Str")
    67. 

  67. @test.test_id("B108")
    68. 

  68. def hardcoded_tmp_directory(context, config):
    69. 

  69.     if config is not None and "tmp_dirs" in config:
    70. 

  70.         tmp_dirs = config["tmp_dirs"]
    71. 

  71.     else:
    72. 

  72.         tmp_dirs = ["/tmp", "/var/tmp", "/dev/shm"]
    73. 

  73. 

  74.     if any(context.string_val.startswith(s) for s in tmp_dirs):
    75. 

  75.         return bandit.Issue(
    76. 

  76.             severity=bandit.MEDIUM,
    77. 

  77.             confidence=bandit.MEDIUM,
    78. 

  78.             cwe=issue.Cwe.INSECURE_TEMP_FILE,
    79. 

  79.             text="Probable insecure usage of temp file/directory.",
    80. 

  80.         )
    81.